upstream: allow security keys to act as host keys as well as user

keys. Previously we didn't do this because we didn't want to expose the attack surface presented by USB and FIDO protocol handling, but now that this is insulated behind ssh-sk-helper there is less risk. ok markus@ OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c
author: djm@openbsd.org <djm@openbsd.org> 2019-12-15 19:57:30 +0100
committer: Damien Miller <djm@mindrot.org> 2019-12-16 04:19:41 +0100
commit: 56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree: d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /monitor_wrap.c
parent: Allow clock_nanosleep_time64 in seccomp sandbox. (diff)
download: openssh-56584cce75f3d20aaa30befc7cbd331d922927f3.tar.xz
openssh-56584cce75f3d20aaa30befc7cbd331d922927f3.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 06599e3b1..001a8fa1c 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.116 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.117 2019/12/15 18:57:30 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -224,8 +224,6 @@ mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
 	int r;
 
 	debug3("%s entering", __func__);
-	if (sk_provider != NULL)
-		fatal("%s: sk_provider != NULL", __func__);
 	if ((m = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 	if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
author	djm@openbsd.org <djm@openbsd.org>	2019-12-15 19:57:30 +0100
committer	Damien Miller <djm@mindrot.org>	2019-12-16 04:19:41 +0100
commit	56584cce75f3d20aaa30befc7cbd331d922927f3 (patch)
tree	d3e9c2b7c9104b6528758b19eb7fa56dae2fcea6 /monitor_wrap.c
parent	Allow clock_nanosleep_time64 in seccomp sandbox. (diff)
download	openssh-56584cce75f3d20aaa30befc7cbd331d922927f3.tar.xz openssh-56584cce75f3d20aaa30befc7cbd331d922927f3.zip